MozillaWiki

Identity/CryptoIdeas/01-PBKDF-scrypt: Difference between revisions

Page Discussion

Identity/CryptoIdeas/01-PBKDF-scrypt (view source)

Revision as of 00:55, 11 April 2012

109 bytes added ,  11 April 2012
no edit summary
(added updates/discussion section)
No edit summary
Line 186: Line 186:
the long run, when all browsers have native implementations, this is a great
the long run, when all browsers have native implementations, this is a great
position to occupy.
position to occupy.
== Updates / Discussion ==
* 10-Apr-2012: updated cost model: EC2 spot prices are 3x lower than on-demand, lowering scrypt "expensive" attack from $750k to $258k -warner


== Write-Enabler Attacks, Details ==
== Write-Enabler Attacks, Details ==
Line 271: Line 267:
above (to establish the Verifier) must be applied here: checking an SSL
above (to establish the Verifier) must be applied here: checking an SSL
certificate, or encrypting to/from a pre-established public key.
certificate, or encrypting to/from a pre-established public key.
== Updates / Discussion ==
* 10-Apr-2012: updated cost model: EC2 spot prices are 3x lower than on-demand, lowering scrypt "expensive" attack from $750k to $258k -warner
* note that the current plan is to *not* store the WUK on a Primary IdP, but only on a mozila server -warner
Warner
Confirmed users
471

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/418830"